Vulnerabilities in global vessel tracking systems: Trend Micro

8th November 2013 | By Mouseworld Now Correspondent | 1 Comment

Trend-micro 175 into 175New Delhi, India, November 8, 2013: Trend Micro, a global player in security software, warns of vulnerabilities discovered in global vessel tracking systems like the Automatic Identification System (AIS). When compromised, communications of existing vessels can be hijacked to create fake vessels, trigger false SOS or collision alerts. With the AIS as a mandatory vessel tracking system for all passenger (regardless of size and weight) and commercial (non-fishing) ships over 300 metric tons, the risks go beyond monetary to include criminal activities like piracy.

Trend Micro found four issues with the AIS protocol:
· Lack of validity checks: The lack of geographical validation meant that it is possible to send an AIS message from any location for a vessel at another location.

· Lack of timing checks: With no time stamp information included in the message, cybercriminals can manipulate and replay valid AIS information at their choosing.

· Lack of authentication: Without authentication built into the AIS protocol, anyone with the ability to craft an AIS packet, impersonation of any other vessel can
occur.

· Lack of integrity checks: All AIS messages are sent in an unencrypted and unsigned form makes it easy for interception and modification.

Attacks can be executed on two fronts – the main AIS Internet providers and the actual specification of the AIS protocol used by hardware transceivers.

Forward Looking Threat researchers at Trend Micro found that the main AIS Internet providers that collect AIS information and distribute them publicly have vulnerabilities thatallow attackers to tamper with valid AIS data and inject invalid AIS data. These include the modification of all ship details from its position, course, cargo, flagged country, speed, name and Mobile Maritime Service Identity. Scenarios include the creation and modification of Aid to Navigations entities like buoys and lighthouses that could lead to harbor entrance blockages or even shipwrecks! With the power to change information, cybercriminals now have the ability to manipulate vessels, with unthinkable consequences.

Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro said, “With flaws discovered in the actual specification of the AIS protocol used by hardware transceivers in all mandatory vessels, Trend Micro also warn of authority and alert impersonations, triggering false positives or sending out incorrect information that could lead to accidents. Other scenarios include the permanent disabling of a vessel’s AIS, where without one, the ship and its crew become more vulnerable toattacks from lurking pirates without warning from authorities. Cybercriminals could
also leverage the issuance of a fake Closest Point of Approach alert, where a false collision warning is sounded off, possibly triggering the vessel to recalculate a course to avoid collision and into the intended direction set by waiting criminals.”

Kylie Wilhoit, Forward Threat Researcher, Trend Micro said, “Leaving no stone unturned, cyber criminals are always coming up with new ways to exploit vulnerabilities. These scenarios depict how cybercriminals can cause harm to the maritime and shipping industry, through manipulation of the communication and information. There is a need for businesses and the authorities to take heed, be vigilant and better protected against such threats.”

Trend Micro urges the maritime and shipping industry to stay vigilant, and perform regular checks against alternative sources, like manual navigation systems, on information obtained from AIS. In addition, as providers look to improving current AIS, Trend Micro highlights three core issues in need for incorporation of defenses to be heightened: validity, authentication and encryption.

 

© Mouseworld Now News Service

Tags: , , , , , , , , ,

Nicole Pereira Says:
November 14th, 2013 at 10:57 am

Here are some good thoughts in reply to all the Buzz about AIS Hacking

Leave your comment

IMPORTANT! To be able to proceed, you need to solve the following simple math

What is 11 + 11 ?
Please leave these two fields as-is:

Mouseworldnow Videos
  • r chandrashekhar president nasscom
  • Anant Maheshwari, President, Microsoft India
  • Suresh_Vaswani-220 by 220

Channel News

  • Fox Mobiles Launches new range of Basic Keypad Phones more...
  • iValue is “APAC VAD” for Micro Focus more...
  • Telr launches its sub-brand TelrSecure more...
  • iValue is “APAC Emerging VAD” for AlgoSec more...
  • Rashi Peripherals Kick-Starts SI Training Program For Partners more...
Subscribe via email

Enter your email address:

QUESTION HOUR
What does the mouse ask?

Will the spurt in online video advertisement steal the twinkle from the TV ad platform?

View Results

Loading ... Loading ...
Newsletter Registration